🌀What do we need to know about secure SDLC?

From scratch to prod, what should we care about from a Security perspective to secure our Software Development Life Cycle - SSDLC

The following is an abstract of all the main topics & tools mentioned at the meetup made the 9/5/2024.

meetup slides

Requirements gathering and analysis

• OWASP ASVS
• OWASP SAMM
• OWASP Top 10
• COBIT
• NIST SP 800-53
• LOPDGDD

System Design

• Draw.io Threat Modeling - Recommended
• Miro - General purpose diagramming
• OWASP Threat Modeling Cheat Sheet
• OWASP Threat Dragon

Coding

For tools mentioned at the talk I think most of them can be or either integrated with an IDE plugin or with pre-commit.

• Semgrep - Recommended

... to be continued